lib/47983: libedit segfault at character decoding error (sh autocomplete)

[Matthew Mondor <mm_lists%pulsar-zone.net@localhost>]

>Number:         47983
>Category:       lib
>Synopsis:       libedit segfault at character decoding error (sh autocomplete)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jul 01 22:05:00 +0000 2013
>Originator:     Matthew Mondor
>Release:        NetBSD-6 (branch)
>Organization:
>Environment:
System: NetBSD ninja.xisop 6.1_RC3 NetBSD 6.1_RC3 (GENERIC_MM) #2: Mon Apr 22 
10:06:12 EDT 2013 root@ninja.xisop:/usr/obj/sys/arch/amd64/compile/GENERIC_MM 
amd64
Architecture: x86_64
Machine: amd64
>Description:
I am using a en_US.UTF-8 locale for non-superuser, and files using a
French ISO-8859-1[5] encoding cause /bin/sh to segfault if attempting
to auto-complete them.

Using gdb I could see that el_insertstr() is called inconditionally
with the result of ct_decode_string(), which may return NULL, causing
el_insertstr() to segfault.

>How-To-Repeat:

To reproduce:

$ LANG="en_US.UTF-8" /bin/sh
$ cd /tmp/
$ touch $(printf "z\xE9")
$ ls -l z[TAB]

>Fix:

The following diff fixes the problem for me, with the following result:

$ ls z\U+00E9 
z?
$ 

Index: lib/libedit/chared.c
===================================================================
RCS file: /data/rsync/netbsd-cvs/src/lib/libedit/chared.c,v
retrieving revision 1.36
diff -u -r1.36 chared.c
--- lib/libedit/chared.c        23 Oct 2011 17:37:55 -0000      1.36
+++ lib/libedit/chared.c        1 Jul 2013 20:18:23 -0000
@@ -612,6 +612,10 @@
 {
        size_t len;
 
+       /* String may be NULL, as in the case of a character decoding error
+        */
+       if (s == NULL)
+               return -1;
        if ((len = Strlen(s)) == 0)
                return -1;
        if (el->el_line.lastchar + len >= el->el_line.limit) {